diff options
| author | Neel Natu <neelnatu@google.com> | 2024-01-27 15:46:36 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-01-30 15:57:26 -0800 |
| commit | 05d8f255867e3196565bb31a911a437697fab094 (patch) | |
| tree | 6c3ecce5291ede90cdcfae6384dcf7c9c0d6cc50 /include/linux/fpga/fpga-mgr.h | |
| parent | 4207b556e62f0a8915afc5da4c5d5ad915a253a5 (diff) | |
kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files
Prior to this change 'on->nr_mmapped' tracked the total number of
mmaps across all of its associated open files via kernfs_fop_mmap().
Thus if the file descriptor associated with a kernfs_open_file was
mmapped 10 times then we would have: 'of->mmapped = true' and
'of_on(of)->nr_mmapped = 10'.
The problem is that closing or draining a 'of->mmapped' file would
only decrement one from the 'of_on(of)->nr_mmapped' counter.
For e.g. we have this from kernfs_unlink_open_file():
if (of->mmapped)
on->nr_mmapped--;
The WARN_ON_ONCE(on->nr_mmapped) in kernfs_drain_open_files() is
easy to reproduce by:
1. opening a (mmap-able) kernfs file.
2. mmap-ing that file more than once (mapping just once masks the issue).
3. trigger a drain of that kernfs file.
Modulo out-of-tree patches I was able to trigger this reliably by
identifying pci device nodes in sysfs that have resource regions
that are mmap-able and that don't have any driver attached to them
(steps 1 and 2). For step 3 we can "echo 1 > remove" to trigger a
kernfs_drain.
Signed-off-by: Neel Natu <neelnatu@google.com>
Link: https://lore.kernel.org/r/20240127234636.609265-1-neelnatu@google.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/fpga/fpga-mgr.h')
0 files changed, 0 insertions, 0 deletions